Systems and methods for identifying biometric information as trusted and authenticating persons using trusted biometric information

ABSTRACT

Systems and methods of identifying biometric information as trusted and authenticating persons using trusted biometric information are provided. Biometric information can be identified as trusted by comparing it to other biometric information and/or based on the age of the biometric information and/or receiving correct answers to questions based on personal information. Once biometric information has been identified as trusted it can be used as part of an authentication process by receiving biometric information from a person to be authenticated and comparing the received biometric information with the trusted biometric information.

BACKGROUND OF THE INVENTION

The costs associated with fraud are rapidly increasing every year. It is common to employ some type of identity verification to combat fraud. Thus, for example, merchants frequently require persons writing checks to provide a government-issued identification so that the signature on the check can be compared to the signature on the government-issued identification and the picture on the government issued identification can be compared to the person presenting the check. Although this works quite well for verifying in-person transactions, it does not work for other types of transactions, such as online transactions, telephonic transactions, and in-person automated transactions.

SUMMARY OF THE INVENTION

Most online transactions and in-person automated transactions have multiple levels of verification, such as requiring the provision of a credit verification value (CVV or CVV2) and/or billing address zip code. However, this type of information is easily obtainable either from the credit card and/or a copy of the credit card bill. Thus, for example, a husband can use his wife's credit card without her knowledge and the merchant accepting the credit card will assume the wife has initiated the transaction because he is able to provide the credit card verification value and/or billing address zip code.

More advanced verification techniques use biometrics, such as fingerprints, voice prints, retinal scans, etc. Specifically, when a person needs to be authenticated the person provides a biometric, which is then compared to a stored biometric. In order for these types of techniques to be secure there must be mechanisms for ensuring that the stored biometric was actually obtained from a particular person. The easiest way to do this would be to require the person to show up in-person and provide a government-issued identification for verification when providing the biometric. While this provides a relatively secure way to obtain the initial biometric, it is very inconvenient and incompatible with peoples' growing expectations to be able to conduct all transactions remotely, e.g., online or over the telephone.

Accordingly, exemplary embodiments of the present invention provide techniques for authenticating people using biometrics in such a way that the stored biometrics are trusted without inconveniencing users. Specifically, exemplary embodiments of the present invention can use stored biometrics that were obtained from independent information sources and independently of the authentication process, either alone or along with other information, to determine whether the stored biometrics are to be considered as trusted biometrics that can be used to authenticate a person providing real-time biometrics.

In accordance with certain embodiments a method involves a centralized computer receiving personal information for a first person from a plurality of independent sources, wherein the personal information for the first person includes a first historical biometric information from a first one of the plurality of independent sources; comparing an age of the first historical biometric information to a predetermined age threshold; identifying the first historical biometric information as first trusted biometric information when the age of the first historical biometric information is greater than or equal to the predetermined age threshold; receiving a request to authenticate a person, wherein the request to authenticate includes second biometric information; comparing the second biometric information with the first trusted biometric information; determining a first similarity measure based on the comparison of the second biometric information with the first trusted biometric information; and authenticating the person as the first person when the first similarity measure is greater than or equal to a first similarity measure threshold.

The first and second biometric information can be voice biometric information. The method can further involve the centralized computer receiving additional, non-biometric personal information for the first person from one of the plurality of independent sources and comparing the additional, non-biometric personal information for the first person with other non-biometric personal information for the first person, wherein the other non-biometric personal information is obtained from a source other than the plurality of independent sources, wherein the first historical biometric information is identified as first trusted biometric information when the age of the first historical biometric information is greater than or equal to the predetermined age threshold and the additional, non-biometric personal information matches the other non-biometric personal information.

The centralized computer can receive an indication whether the relationship with the first person has been maintained in good standing for a predetermined period of time and the first historical biometric information can be identified as first trusted biometric information when the age of the first historical biometric information is greater than or equal to the predetermined age threshold and the relationship with the first person has been maintained in good standing for a predetermined period of time.

The personal information for the first person can be received from the first one and second one of the plurality of independent sources in bulk with personal information for a plurality of other persons. Further, the personal information for the first person and the plurality of other persons includes historical voice biometric information obtained independent of a process of identifying the first historical biometric information as first trusted biometric information.

The second biometric information can be near-real-time biometric information. Additionally, the person can be authenticated as the first person based exclusively on whether the first similarity measure is greater than or equal to the first similarity measure threshold.

The authentication of the first person can also involve the centralized computer comparing the second biometric information with biometric information in a blacklist of known fraudsters.

Moreover, the first person can have a device executing an application, and after authenticating the person as the first person the method can also involve receiving, by the application from the centralized computer, a single-use password; providing, by the application, the single-use password to the person; providing, by the person to a third party, a user name and the single-use password; transmitting, by the third party, the user name and a password to the centralized computer; and receiving, by the third party, an authorization of the person when the password transmitted to the centralized computer matches the single-use password.

In accordance with another aspect of the present invention, a method can involve a centralized computer receiving a request to authenticate a person, wherein the request is received from an application executing on a device in possession of the person and the request includes first biometric information captured from the person and payment credentials for a first person; attempting to authorize payment using the payment credentials; and authenticating the person as the first person when the payment is authorized based on the payment credentials.

Additionally, the first biometric information can be flagged as untrusted and the first biometric information can be added to a blacklist when the payment is not authorized based on the payment credentials.

The method can also involve comparing the first biometric information with biometric information of known fraudsters, wherein the person is not authenticated when the first biometric information matches biometric information of one of the known fraudsters.

The method can further involve the centralized computer initiating a contact using contact information associated with the first person and soliciting from a person answering the contact answers to questions that are generated using the personal information for the first person, wherein the person is authenticated as the first person when the payment is authorized based on the payment credentials and the answers provided by the person answering the contact match the personal information for the first person.

When the payment is not authorized based on the payment credentials, the method can further involve the centralized computer selecting a dynamic search group of individuals having an association with the first person; comparing available biometric information for each of the individuals in the dynamic search group with the first biometric information; and determining a similarity measure based on the comparison of the available biometric information for each of the individuals in the dynamic search group with the first biometric information. When the similarity measure for a particular one of the individuals is greater than or equal to a predetermined similarity measure the individuals are added to a blacklist.

Other objects, advantages and novel features of the present invention will become apparent from the following detailed description of the invention when considered in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWING FIGURES

FIG. 1 is a block diagram of an exemplary system in accordance with the present invention;

FIGS. 2A-2E are flow diagrams of exemplary methods in accordance with exemplary embodiments of the present invention;

FIGS. 3A-3C are flow diagrams of exemplary methods for identifying trusted biometric information in accordance with the present invention;

FIG. 4 is a ladder flow diagram of an exemplary method of using trusted biometric information to generate and employ single-use passwords in accordance with the present invention;

FIGS. 5A and 5B are ladder flow diagrams of an exemplary method of using trusted biometric information to generate temporary accounts in accordance with the present invention;

FIG. 6 is a flow diagram of an exemplary method for using trusted biometric information for voting in accordance with the present invention; and

FIGS. 7A and 7B illustrate a flow diagram of another exemplary method for authentication.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 is a block diagram of an exemplary system in accordance with the present invention. A centralized computer 120 is arranged so that it receives historical personal information regarding a number of different persons from a plurality of independent information sources 100. The information sources 100 include one or more banks 102, merchants 104, internet merchants 106, internet service providers (ISPs) 108, mobile carriers 110, credit bureaus 112, and blacklists and/or whitelists 114. The particular information sources illustrated in FIG. 1 are merely exemplary and the centralized computer 120 can receive historical personal information from one of the information sources, all of the information sources, or a subset of the information sources. Further, the centralized computer 120 can receive historical personal information from information sources other than those illustrated in FIG. 1.

The historical personal information can include one or more biometric information and/or non-biometric information. The biometric information can be any type of biometric information including, but not limited to, voice biometric information, fingerprint biometric information, retinal scan biometric information, and/or the like. The non-biometric information can include any other type of information about a person including, but not limited to, credit history, current and past addresses, telephone number(s), electronic mail address, transaction history, social security number, and/or the like. Different information sources 100 can provide the same or different type of biometric and/or non-biometric information.

The personal information provided by information sources 100 is referred to as “historical” to denote that the information was previously received and stored by an information source independent of the processing by centralized computer 120. Thus, for example, a bank 102 can provide historical voice biometric information that was collected from recorded telephone calls with a particular person when the person was inquiring about his/her account. The bank 102 would provide this historical voice biometric information along with identification information of the customer that provided the historical voice biometric information and any other information, such as the day and time on which the historical voice biometric information was recorded. Banks and other information sources typically store such information for a period of time for quality assurance and fraud prevention. For example, when a customer later disputes a charge or bill, the bank or other information source can access the stored information in order to determine at that time whether the stored information was provided by the actual customer. This one-off fraud prevention, however, is significantly different from the establishment of trusted biometrics by a centralized source as in the present invention.

As will be discussed in more detail below, the centralized computer 120 processes the stored personal information to determine whether it can be considered as trusted so that it can be used to authenticate future transactions for information users 130. As illustrated in FIG. 1, the information users 130 include one or more banks 132, merchants 134, internet merchants 136, internet service providers (ISPs) 138, mobile carriers 140, credit bureaus 142, and blacklists and/or whitelists 144. The particular information users illustrated in FIG. 1 are merely exemplary and the centralized computer 120 can authenticate future transactions for one of the information users, all of the information users, or a subset of the information users. Further, the centralized computer 120 can authenticate transactions for information users other than those illustrated in FIG. 1.

As will be appreciated in view of the methods discussed below, centralized computer 120 acts as a single, universal repository of biometric and associated non-biometric personal information that can be used to authenticate persons using biometric information captured in real-time or near-real-time from persons to be authenticated. Because centralized computer 120 is not associated with any particular information source, it is able to obtain and aggregate a large amount of biometric and associated non-biometric personal information compared to any individual information source. Further, by aggregating biometric and associated non-biometric information for any particular person from a number of sources, the determination of whether the historical biometric information is to be trusted is more reliable than can typically be obtained by any single source. For example, a bank may have a number of voice prints and associated personal information for a particular person but the voice prints may not have ever been produced by the actual person associated with the personal information because a fraudster opened and used the account with stolen personal information. In this case the bank may determine that the fraudster is the actual person authorized because when the fraudster submits a voice print for authentication it is being compared to a historical voice print provided by the fraudster.

Now that an overview of the overall system of the present invention has been provided, methods of identifying biometric information as trusted and using the trusted biometric information for authentication will be described in more detail below in connection with FIGS. 2A-7B. FIGS. 2A and 2B are flow diagrams of exemplary methods in accordance with exemplary embodiments of the present invention. Turning first to FIG. 2A, centralized computer 120 receives personal information for a plurality of persons from one or more information sources 100 (step 202). Centralized computer 120 then selects personal information for one of the plurality of persons (step 204) and determines whether the personal information for the selected person is trusted personal information (step 206). The particular manner of determining whether personal information is trusted personal information will be described in more detail below in connection with FIGS. 3A-3C. As illustrated by the return path from step 206 to step 204, the centralized computer 120 will continue to process the personal information received from the information sources 100 for each of the plurality of persons in order to establish personal information as trusted personal information, which includes trusted biometric information.

Once biometric information is established as trusted biometric information, an information user 130 can capture biometric information from a person to be authenticated and contact the centralized computer 120 for authentication of the person using the captured biometric information. The contact by the person to be authenticated to the information user 130 can be an in-person contact or a remote contact, such as by an inbound call, electronic mail, text, a web page, and/or the like. When centralized computer 120 receives a request to authenticate a person, which includes biometric information captured from the person requiring authentication, from an information user 130 (step 208), the centralized computer 120 compares the captured biometric information with the trusted biometric information (step 210). As will be described in more detail below in connection with the methods illustrated in FIGS. 3A and 3B, the trusted biometric can be a single biometric or more than one biometric. When there is more than one trusted biometric, the comparison can be to any of the trusted biometrics or can be with a composite of the trusted biometrics. The centralized computer 120 uses this comparison to determine a similarity measure (step 212), which indicates a measure of the similarity between the captured biometric information and the trusted biometric information.

When the centralized computer 120 determines that the similarity measure is greater than or equal to a similarity measure threshold (“Yes” path out of decision step 214), then the authentication is successful (step 218), which means that the person to be authenticated (i.e., the person whose captured biometric was received in step 208) is the authentic individual (i.e., the person from whom the trusted biometric was obtained). Accordingly, the centralized computer 120 can inform the information user 130 that requested authentication that the authentication was successful, the authentication can be used to authorize payment for a transaction, the authentication can be used to authorize the generation of a single-use password, and/or the like. Further, the captured biometric can be stored by the centralized computer 120 as a trusted biometric along with the previously stored trusted biometric(s) and other information for the person.

When the centralized computer 120 determines that the similarity measure is less than a similarity measure threshold (“No” path out of decision step 214), then the authentication has failed (step 216). A number of different responses can be performed when authentication has failed. First, the information user 130 that sent the authentication request is informed that the authentication has failed. As an alternative or in addition to notifying the information user 130 that the authentication has failed, dynamic search groups can be employed to identify fraudsters that may have a relationship with the authentic person as illustrated in FIG. 2B.

Turning now to FIG. 2B, when authentication has failed (step 216), the centralized computer 120 selects a dynamic search group to identify biometrics associated with other individuals (step 220). The dynamic search group is intended to identify persons that may have unauthorized access to personal information of the authentic person. Thus, for example, persons living in the same apartment building may be part of a dynamic search group because a fraudster living in the apartment building may be able to intercept mail, such as credit offers, intended for the authentic person. Other criteria for establishing dynamic search groups include, but are not limited to, persons in the same household (e.g., based on address and surname), a mailing address (excluding apartment numbers), a census block group, a zip code, a zip code plus 4 (i.e., a five digit zip code and four digit extension), and a distance radius around the mailing address of the authentic person based on the latitude and longitude of the mailing address. Further, the dynamic search group can be created based upon similarity of certain information to the authentic person, such as similarity of account number, social security number, telephone number, electronic mail address, and Internet Protocol (IP) address.

The centralized computer 120 identifies and excludes authorized individuals from the dynamic search group (step 222). Thus, for example, if the authentic person is a woman and her husband is also authorized on the account then the husband would be excluded from the dynamic search group. The centralized computer 120 then compares the captured biometric used for the authentication (i.e., from step 208) to biometrics of persons from the dynamic search group to determine a similarity measure (step 226). When centralized computer 120 determines that the similarity measure is greater than or equal to a similarity measure threshold (“Yes” path out of decision step 228), then centralized computer 120 can add the captured biometric to a blacklist along with an identification of the matching person from the dynamic search group, proper authorities can be notified of the fraudulent activity, the authentic person can be notified of the potential fraudulent activity, and/or the information user 130 that sent the authentication request can be notified that the person calling from whom the information user 130 captured the biometric that is used in step 208 is different than the authentic user or that the authentication failed (step 230). Otherwise, when centralized computer 120 determines that there is no match between the captured biometric and biometrics from the dynamic search group then processing ends (step 232). The similarity measure threshold used as part of the dynamic search group process can be the same or different from the similarity measure thresholds used to determine trusted biometrics, which is described below, or the similarity measure threshold used as part of the authentication (step 214 described above).

As an alternative to, or in addition to, using dynamic search groups, the captured biometric can be added to a blacklist based on a similarity measure, which is illustrated in FIG. 2C. Accordingly, when the authentication fails (step 216) centralized computer 120 compares the similarity measure generated in step 212 using the captured and trusted biometrics to another similarity measure threshold (step 240). To avoid inadvertently adding a captured biometric to a blacklist due to, for example, the authorized person having a temporary affliction affecting his/her voice or a bad quality capture, the other similarity measure threshold can be set lower than the similarity measure threshold used for authentication in step 214. Accordingly, when centralized computer 120 determines that the similarity measure is greater than or equal to the other similarity measure threshold (“No” path out of decision step 240), then no further action is taken (step 244). If, however, centralized computer 120 determines that the similarity measure is less than the other similarity measure threshold (“Yes” path out of decision step 240), then centralized computer 120 can add the captured biometric to a blacklist (step 242).
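The decision flow of FIGS. 2A-2C described above, as an added Python example that is not part of the patent text. It assumes biometrics are feature vectors compared by cosine similarity, that the dynamic search group is built from the shared mailing address (one of the listed criteria), and uses constructed threshold values, names and sample data throughout.

```python
import math
from dataclasses import dataclass
from typing import List, Optional

# Assumed values: the text only requires the blacklist threshold (step 240)
# to be lower than the authentication threshold (step 214).
AUTH_THRESHOLD = 0.80
BLACKLIST_THRESHOLD = 0.40
GROUP_THRESHOLD = 0.80  # step 228; may equal or differ from the others


@dataclass
class Person:
    person_id: str
    mailing_address: str    # apartment number already stripped
    biometric: List[float]  # stored feature vector (assumed representation)


@dataclass
class Decision:
    authenticated: bool
    score: float
    blacklisted: bool
    matched_person: Optional[str]


def similarity(a, b):
    """Cosine similarity, standing in for the unspecified similarity measure."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def dynamic_search_group(authentic, population, authorized_ids):
    """Steps 220-222: same mailing address, minus authorized individuals."""
    return [p for p in population
            if p.mailing_address == authentic.mailing_address
            and p.person_id != authentic.person_id
            and p.person_id not in authorized_ids]


def authenticate(captured, trusted, authentic, population, authorized_ids, blacklist):
    # Steps 210-212: compare against any of the trusted biometrics.
    score = max(similarity(captured, t) for t in trusted)
    if score >= AUTH_THRESHOLD:                    # step 214, "Yes" path
        return Decision(True, score, False, None)  # step 218

    # FIG. 2B: look for the caller among people close to the authentic person.
    matched = None
    for p in dynamic_search_group(authentic, population, authorized_ids):
        if similarity(captured, p.biometric) >= GROUP_THRESHOLD:  # step 228
            matched = p.person_id
            break

    # FIG. 2C: blacklist only when far below the authentication threshold,
    # so a hoarse voice or poor capture does not blacklist the real person.
    far_below = score < BLACKLIST_THRESHOLD        # step 240
    blacklisted = matched is not None or far_below
    if blacklisted:
        blacklist.append({"biometric": captured, "matched_person": matched})
    return Decision(False, score, blacklisted, matched)


# Constructed sample data (three-dimensional vectors for readability).
ALICE = Person("alice", "12 Elm St", [1.0, 0.0, 0.0])
TRUSTED = [[1.0, 0.0, 0.0], [0.9, 0.1, 0.0]]
POPULATION = [
    ALICE,
    Person("spouse", "12 Elm St", [0.0, 1.0, 0.0]),     # authorized on the account
    Person("neighbour", "12 Elm St", [0.0, 0.0, 1.0]),  # same building, not authorized
    Person("stranger", "99 Oak Ave", [0.5, 0.5, 0.7]),  # outside the search group
]
AUTHORIZED = {"spouse"}

if __name__ == "__main__":
    blacklist = []
    samples = {
        "clean capture": [0.95, 0.05, 0.0],
        "degraded capture": [0.6, 0.8, 0.0],
        "neighbour calling": [0.0, 0.1, 0.99],
    }
    for label, capture in samples.items():
        d = authenticate(capture, TRUSTED, ALICE, POPULATION, AUTHORIZED, blacklist)
        print(f"{label}: score={d.score:.3f} authenticated={d.authenticated} "
              f"blacklisted={d.blacklisted} matched={d.matched_person}")
```

The degraded capture lands between the two thresholds, so it fails authentication without being blacklisted, which is the case the lower threshold of step 240 exists to protect.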

The captured biometric can then be used in the dynamic search group process of FIG. 2B, and if there is a match then the captured biometric can be added to the blacklist along with an identification of the matching person from the dynamic search group. Further, a variety of different entities can be notified of the fraudulent activity, such as the proper authorities, the authentic person, the requesting information user 130, other information users 130 having a relationship with the authentic user, and/or information sources 100. These notifications can include a variety of attributes, including biometric and non-biometric information (e.g., an electronic mail address of the fraudster, which in this case would be the person to be authenticated). Additionally, the biometric and/or non-biometric information from the fraudster can be used as part of a cascaded search in which this information is compared to other information received by centralized computer 120 from information sources 100 in order to identify other instances of potential fraud. Thus, for example, the ANI of the telephone number used by the fraudster can be compared to telephone numbers associated with other persons, which may then identify other instances in which the fraudster, using the same telephone number, conducted transactions and/or authentications posing as the other persons.

FIG. 2D is a flow diagram illustrating an exemplary method that is performed when the initial authentication failed. When the initial authentication failed (step 216), the centralized computer 120 establishes contact with the person to be authenticated using non-biometric personal information (step 250). For example, the person to be authenticated can be contacted by telephone using a telephone number derived from the account record, automatic number identification (ANI), or other non-biometric personal information. The centralized computer 120 can capture biometric information during the contact (step 252). For example, assuming that the biometric captured in step 210 was based on a telephone call to the customer service operations of the entity operating the centralized computer 120 or of an information user 130, an operator or interactive voice response (IVR) system asks the person answering the contact whether they are on the phone with the customer service operations and whether they have the same “name” that was supplied during the contact of step 210. The response to this inquiry is used as the captured biometric in step 252.

The centralized computer 120 compares the captured biometric information with the trusted biometric information (step 254) to determine a similarity measure (step 256). Again, the trusted biometric information can be one or both of the first and second historical biometric information and/or a composite of the first and second historical biometric information. When the centralized computer 120 determines that the similarity measure is greater than or equal to a similarity measure threshold (“Yes” path out of decision step 258), then the authentication is successful and the authorized user is asked whether they are currently connected to customer service. If the authorized user indicates that they are not connected to customer service (“No” path out of decision step 264), then the interaction is canceled (step 266). If, however, the authorized user indicates that they are connected to customer service (“Yes” path out of decision step 264), then the interaction is allowed to proceed (step 268). In this case the centralized computer 120 can add the captured biometric received in step 208 to a blacklist because the matching of the biometrics with the outbound contact in step 250 provides assurances that the biometric captured from the outbound contact is received from the actual person to be authenticated.

When the centralized computer 120 determines that the similarity measure is less than a similarity measure threshold (“No” path out of decision step 258), then it is determined that the authorized user was not reachable (step 262). Step 262 could also involve adding one or more captured biometrics to a blacklist, either automatically or based upon additional processing. Specifically, the failure of both of the biometric comparisons of steps 210 and 254 indicates that both biometrics are possibly fraudulent. Accordingly, both biometrics could be compared to each other to determine whether there is a match, and if there is a match then both biometrics can be compared to a blacklist and added to the blacklist if there is a matching biometric. If, however, there is not a match between the biometrics of steps 210 and 254, then the biometric of step 210 is likely fraudulent and can be added to a blacklist. Further investigation can also be performed to attempt to identify whether one or both of the captured biometrics is from a fraudster, which may require human intervention. Additionally, any action relating to an inbound contact from which the biometric is captured in step 208 can be suspended. The similarity measure threshold used for the comparison in the method illustrated in FIG. 2D can be the same as or different from the similarity measure thresholds used in the initial authentication of FIG. 2A or the trust establishment of FIG. 3A.

A method similar to that illustrated in FIG. 2D can also be used for high-risk transactions, which will now be described in connection with FIG. 2E. Those skilled in the art will understand that there are a variety of ways of identifying a particular transaction as a high-risk transaction, such as by using a predictive model with a score above a risk threshold (e.g., a Falcon fraud score from Fair, Isaac), and/or a predictive model derived from transaction data, biometric and/or non-biometric information. Other ways of identifying a particular transaction as a high risk transaction include the transaction being above a certain amount (e.g., above $2,000) when other purchases by the person have been much lower, a transaction occurring in a different geographic location from where a person normally makes transactions (e.g., a different state or country), the particular transaction occurring within a short period of time of a previous transaction, and/or the like. The present invention is equally applicable to any manner of identifying a high-risk transaction. The term transaction should be understood in its broadest sense to include all types of transactions including, but not limited to, purchases and changes to biometric and/or non-biometric information (e.g., changing a mailing address, contact telephone number, etc.).

First, it should be noted that the method of FIG. 2D is a continuation of the method of FIG. 2A in which a person to be authenticated can, for example, make an inbound call to the centralized computer 120 for authentication, whereas the method of FIG. 2E assumes that a trusted biometric has been established (steps 202-206 of FIG. 2A) but does not require the inbound call processing of steps 210-218 of FIG. 2A. Thus, the method of FIG. 2E can be started after steps 202-206 of FIG. 2A have been performed to establish the trusted biometric. When a high-risk transaction is identified (step 249), then the centralized computer 120 establishes contact with the person to be authenticated (step 250). The person to be authenticated can be contacted by telephone using a telephone number derived from the account record, automatic number identification (ANI) if this is provided by an information user 130 that is currently engaged in a call with the person attempting the high-risk transaction, or other non-biometric personal information. The person receiving this outbound contact is asked whether they are the authorized user for the account. If not, the contact is disconnected and another outbound contact is attempted using an alternate contact. For example, the first contact may be to the authorized user's home telephone number and the authorized user's spouse, who is not authorized, answers the telephone. In this case, the spouse would respond that they are not the authorized user, and then the authorized user's mobile telephone number would be used as the alternative way to contact the authorized user. If the authorized user cannot be contacted then the high-risk transaction may be denied and the processing ends. If, however, the person answering the contact indicates that they are the authorized user, then biometric information is captured during the contact from the person purporting to be the authorized user (step 252). Steps 254, 256, and 258 are performed in a similar manner to that discussed above in connection with FIG. 2D.

Like the method of FIG. 2D, if the centralized computer 120 determines that the similarity measure of comparison of the captured and trusted biometrics is greater than or equal to the similarity measure threshold (“Yes” path out of decision step 258), then the authentication is successful because it has been determined that the person answering the contact is the authorized user. In contrast to the method of FIG. 2D, when the biometric comparison is less than the similarity threshold (“No” path out of decision step 258), then the captured biometric is automatically added to the blacklist (step 262A). Further, unlike the method of FIG. 2D, when the authentication is successful, the authorized user is asked, for example, whether they made a particular purchase or change in biometric and/or non-biometric information (step 260A). If the authorized user indicates that they did not make a particular purchase (“No” path out of decision step 264A), then the transaction is canceled (step 266). If, however, the authorized user indicates that they did make the particular purchase (“Yes” path out of decision step 264A), then the transaction is allowed to proceed (step 268A).

For cost and efficiency reasons the contact established with the person to be authenticated in step 250 and for the query of step 260A is preferably automated. Further, although this contact was described as being performed by telephone, the contact could also be made using an electronic mail or text message with a link to a browser-based application to perform the same functions. Similarly, if the person to be authenticated has a mobile application, such as the one described below in connection with FIGS. 4-5B, then the contact can be made by making the contact with the mobile application.

Although FIGS. 2D and 2E illustrate the capturing of the biometric and querying the user as separate, sequential steps, the biometric can be captured as part of the query. In this case the determinations of steps 258 and 264 or 264A can be performed simultaneously and only a positive result of both determinations will result in the transaction or interaction being allowed to proceed. The querying of the authorized user in steps 260 and 260A of FIGS. 2D and 2E respectively can include questions in addition to whether the person is currently connected to customer service or whether the person has made the high risk transaction. These additional questions can be based upon non-biometric personal information, such as those described below in connection with FIG. 3C. In this case, the determination of whether the query is successful in steps 264 and 264A would also involve determining that all of the questions have been answered correctly.

Although FIGS. 2A-2E illustrate the authentication being performed based solely on a comparison between a trusted biometric and a stored biometric, other information can be employed as part of the authentication. For example, additional, non-biometric personal information can be received along with the captured biometric information, and authentication can be based on whether the similarity measure is greater than or equal to the similarity measure threshold and whether the additional, non-biometric information matches other non-biometric information that was previously received from information sources 100. Another factor that can be employed is whether a person has been in good standing with one of the information sources 100 for a predetermined period of time.

The authentication technique described above in connection with the flow diagram of FIG. 2A assumes that a trusted biometric is established prior to the authentication of a captured biometric. However, when a trusted biometric is not available prior to the authentication and a historical biometric is available, the historical biometric can be determined as trusted as part of the authentication. Specifically, the centralized computer 120 compares the historical biometric to a captured biometric (step 210) and determines a similarity measure based on this comparison (step 212). When the centralized computer 120 determines that the similarity measure is greater than a similarity measure threshold (“Yes” path out of decision step 214), then the authentication is successful (step 218) and the historical biometric is determined to be a trusted biometric. In this case, the similarity measure threshold may be higher than when using a trusted biometric for authentication due to the fact that the historical biometric was not previously determined to be trusted. Furthermore, other information can be employed as part of the authentication, such as whether additional, non-biometric information received from the person matches other non-biometric information that was previously received from information sources 100. Another factor that can be employed is whether a person has been in good standing with one of the information sources 100 for a predetermined period of time.

FIGS. 3A and 3B are flow diagrams of exemplary methods for identifying historical biometric information as trusted biometric information. The method of FIG. 3A employs a comparison of historical biometric information to establish trusted biometric information and the method of FIG. 3B establishes trusted biometric information based on the age of the biometric information. Turning first to FIG. 3A, the centralized computer 120 receives first and second historical biometric information for a person (step 302) and compares this information (step 304). Ideally the first and second historical biometric information are originally provided by different, independent information sources. The centralized computer 120 then determines a similarity measure based on the comparison (step 306). When the centralized computer 120 determines that the similarity measure is less than a similarity measure threshold (“No” path out of decision step 308), then the first and second biometric information cannot be determined as trusted at this time (step 310). However, based upon future processing, the first and second historical biometric information may be determined as trusted at a later time. This future processing can involve, for example, determining whether the account is in good standing for a predetermined period of time corresponding to the age of one of the first and second historical biometric information in accordance with the method illustrated in FIG. 3B.

Depending upon the amount of variance between the first and second biometric information other actions can be taken when it is determined that the first and second historical biometric information cannot be trusted. For example, if the similarity measure is significantly small (i.e., the biometrics are highly dissimilar) it may be determined that one of the first and second historical biometric information was likely produced by a fraudster. In this case, if additional historical biometric information is available from an information source that is different than information source(s) that provided the first and second historical biometric information, the additional historical biometric information can be compared to both the first and second historical biometric information to determine whether it matches. Because the additional historical biometric information is obtained from a source that is different and independent from the source(s) that provided the first and second historical biometric information there is a high probability that the matching historical biometric information was captured from the actual person and the non-matching historical biometric information was captured from a fraudster. Accordingly, the centralized computer 120 can inform the information source that provided the non-matching historical biometric information that it is likely from a fraudster and/or include it in a blacklist. Indeed, anytime an anomaly is detected using any of the methods described herein an information source that provided the non-matching biometric or non-biometric personal information can be informed of the anomaly. Similarly, other information sources 100 or information users 130 can be informed of the anomaly.

If the centralized computer 120 determines that the similarity measure is greater than or equal to the similarity measure threshold (“Yes” path out of decision step 308), then the first and second historical biometric information is considered to be trusted biometric information that can be used for future authentication procedures.

Turning now to FIG. 3B, the centralized computer 120 receives first biometric information for a person along with an age of the biometric information (step 350). The age can either be an absolute value indicating the age, e.g., a number of days, years, etc., or the age can be an indication of the date on which the historical biometric was captured. The age of the historical biometric information is then compared to a predetermined age threshold. If the centralized computer 120 determines that the age of the historical biometric information is less than the predetermined age threshold (“No” path out of decision step 354), then the biometric cannot be trusted at this time (step 356). However, based upon future processing the first historical biometric information may be determined as trusted at a later time. This future processing can involve, for example, using a second historical biometric information that is received at a later time in accordance with the method illustrated in FIG. 3A.

It should be appreciated that the similarity measure thresholds used in the methods illustrated in FIGS. 3A and 3B can be static or dynamic. Thus, for example, the same similarity measure threshold (i.e., a static threshold) can be used regardless of the source of the biometric information. Alternatively, the similarity measure threshold can be adjusted based upon additional information. For example, if the centralized computer 120 receives information that a particular person has opened a certain number of new accounts with different information sources 100 within a certain period of time the similarity measure threshold may be set higher than if the particular person has not. The reason for this is that opening a number of new accounts within a short period of time is an indicator of fraud. It will be recognized that any number of different factors can be accounted for to adjust the similarity measure threshold for identifying a trusted biometric for a particular person.
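The decisions of FIGS. 3A and 3B described above can be sketched as follows. This is an added example, not part of the patent text: the cosine similarity measure, the feature-vector representation, every numeric threshold and all names in the code are assumptions, and the samples are constructed.

```python
"""Added illustration of the FIG. 3A / FIG. 3B trust decisions; not code from the patent."""
import math
from dataclasses import dataclass
from datetime import date

# Assumed values: the text names these thresholds but gives no numbers.
BASE_THRESHOLD = 0.90       # static similarity measure threshold
RAISED_THRESHOLD = 0.95     # applied after a burst of new accounts
NEW_ACCOUNT_LIMIT = 3       # "a certain number of new accounts"
LIKELY_FRAUD_BELOW = 0.50   # similarity regarded as "significantly small"
AGE_THRESHOLD_DAYS = 365    # predetermined age threshold of FIG. 3B


@dataclass(frozen=True)
class HistoricalBiometric:
    source: str        # information source that supplied the sample
    template: tuple    # feature vector (assumed representation)
    captured: date     # capture date, used for the age test


def similarity(a, b):
    """Cosine similarity, a stand-in for the unspecified similarity measure."""
    dot = sum(x * y for x, y in zip(a.template, b.template))
    norm = math.hypot(*a.template) * math.hypot(*b.template)
    return dot / norm if norm else 0.0


def threshold_for(recent_new_accounts):
    """Dynamic threshold: stricter when many accounts were opened recently."""
    if recent_new_accounts >= NEW_ACCOUNT_LIMIT:
        return RAISED_THRESHOLD
    return BASE_THRESHOLD


def evaluate_pair(first, second, recent_new_accounts=0, additional=None):
    """FIG. 3A, steps 302-310, plus the optional third-source comparison."""
    threshold = threshold_for(recent_new_accounts)
    score = similarity(first, second)
    if score >= threshold:                       # "Yes" path out of step 308
        return {"trusted": True, "score": score, "suspect": []}
    suspect = []
    # The extra sample only arbitrates if it comes from a different source.
    independent = (additional is not None
                   and additional.source not in (first.source, second.source))
    if score < LIKELY_FRAUD_BELOW and independent:
        first_ok = similarity(additional, first) >= threshold
        second_ok = similarity(additional, second) >= threshold
        if first_ok != second_ok:                # exactly one sample matches
            suspect.append(second if first_ok else first)
    # Samples in "suspect" are candidates for source notification or the blacklist.
    return {"trusted": False, "score": score, "suspect": suspect}


def trusted_by_age(sample, today):
    """FIG. 3B: a sample younger than the age threshold cannot be trusted yet."""
    return (today - sample.captured).days >= AGE_THRESHOLD_DAYS


# Constructed samples for the demonstration (not real biometric data).
GENUINE_A = HistoricalBiometric("bank_a", (0.90, 0.10, 0.40), date(2012, 3, 1))
GENUINE_B = HistoricalBiometric("card_b", (0.88, 0.12, 0.41), date(2013, 6, 1))
IMPOSTOR = HistoricalBiometric("card_b", (0.10, 0.90, 0.20), date(2014, 1, 10))
THIRD = HistoricalBiometric("telco_c", (0.91, 0.09, 0.39), date(2011, 9, 1))
REFERENCE = HistoricalBiometric("bank_a", (1.0, 0.0, 0.0), date(2012, 3, 1))
BORDERLINE = HistoricalBiometric("card_b", (0.92, 0.3919, 0.0), date(2013, 6, 1))

if __name__ == "__main__":
    print(evaluate_pair(GENUINE_A, GENUINE_B))
    print(evaluate_pair(GENUINE_A, IMPOSTOR, additional=THIRD))
    print(evaluate_pair(REFERENCE, BORDERLINE, recent_new_accounts=3))
```

A pair that fails `evaluate_pair` is not discarded; as the text notes, it can be re-evaluated later, for example with `trusted_by_age` once the sample is old enough.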

The methods of FIGS. 3A and 3B establish a trusted biometric using historical biometric information received by the centralized computer. However, there may be instances in which there is no historical biometric information available to the centralized computer to establish a trusted biometric. In these instances the method illustrated by the flow diagram of FIG. 3C can be employed to establish trusted biometric information. Specifically, when the centralized computer 120 determines that there is no available historical biometric information for a particular person (step 360), then non-biometric personal information is obtained by the centralized computer 120 from one or more information sources 100. Next, the centralized computer 120 contacts the person for which a trusted biometric is to be established and answers to questions related to the obtained non-biometric personal information are solicited (step 364). The manner of contacting the person should involve the ability to obtain biometric information from the person. For example, the contact can be by telephone, voice or video chat, and voice biometric information can be collected. The centralized computer 120 compares the answers provided by the person with the stored non-biometric personal information (step 366) to determine whether all answers are correct (step 368).

When the centralized computer 120 determines that not all of the answers are correct (“No” path out of decision step 368), then the biometric information captured during the contact cannot be trusted at this time (step 370). Various actions can be taken following this determination, such as adding the biometric to a blacklist, storing the biometric as a historical biometric for future processing (e.g., to identify trusted biometrics), and/or notifying the information source that provided the information for which the incorrect answer was provided. When the centralized computer 120 determines that all of the answers are correct (“Yes” path out of decision step 368), then the biometric information captured during the contact can be identified as trusted (step 372).

The method of FIG. 3C can also be employed using a mobile application, such as the one described below in connection with FIGS. 4-5B. Specifically, the mobile application can capture the biometric and compare it to a trusted, stored biometric. This comparison can be performed on the device executing the mobile application or on the centralized computer 120. For reduced latency or if connectivity issues between the mobile application and the centralized computer 120 are anticipated, then the biometric may be encrypted and cached on the device so that the biometric comparison can be performed within the mobile application. If, however, there is no trusted, stored biometric then in accordance with the method of FIG. 3C the mobile application would ask the questions and obtain the answers to authenticate the user's identity. A positive authentication, i.e., the person answers all of the questions correctly, would result in the captured biometric being identified as a trusted biometric, which can then be sent to the centralized computer 120 for future authorizations.

The level of security obtained using the method illustrated by the flow diagram of FIG. 3C is increased when the non-biometric personal information that is used to solicit the answers to questions is obtained from more than one information source compared to if this information is obtained from a single information source. The level of security can be further increased if one or more of the questions are based on the same type of information obtained from different information sources. Another way to further increase the level of security would be to use private, non-public data that would generally only be known by one of the information sources 100 or information users 130, such as historical purchase information made by a particular credit card.

The methods illustrated in FIGS. 2A-2E are simple uses of trusted biometric information for authentication. Biometric information determined as trusted, for example using the methods illustrated in FIGS. 3A-3C, can be employed in other types of scenarios, such as to generate a single-use password, which will be described below in connection with FIG. 4, to establish a temporary account, which will be described below in connection with FIGS. 5A and 5B, and/or for voting, which will be described below in connection with FIG. 6.

FIG. 4 is a ladder flow diagram of an exemplary method of using trusted biometric information to generate and employ single-use passwords in accordance with the present invention. A consumer that desires to employ a single-use password has a device that includes a mobile application 402. However, it should be recognized that this is merely exemplary and the device need not be a mobile device but can be a non-mobile device, in which case the application would not be a mobile application. Accordingly, the consumer opens the mobile application 402 and requests a single-use password. The mobile application 402 requests the user to provide biometric information. After receiving the biometric information the mobile application 402 transmits the biometric information along with other user information to a biometric verification service 404 (step 450). The biometric verification service 404 compares the received biometric information with trusted biometric information and if there is sufficient similarity a request for a single-use password is sent to password generation service 406 (step 452). The comparison of biometric information can be performed in the manner described above in connection with FIG. 2.

Password generation service 406 then generates a single-use password and provides it to authentication service 408 (step 454) and biometric verification service 404 (step 456). Although FIG. 4 illustrates password generation service 406 providing the single-use password first to authentication service 408 and then biometric verification service 404, these can be performed in the opposite order or simultaneously.

Biometric verification service 404 then provides the single-use password to the mobile application 402 (step 458). The consumer can then use the mobile application to initiate a transaction by providing user information and the single-use password to an information user 410 (step 410). The information user 410 then sends the user information and single-use password to authentication service 408 (step 462) and upon successful authentication the authentication service returns an authorization response to the information user 410 (step 464).

The content of the authorization response and further processing depends upon the desired use of the single-use password. For example, the single-use password can be employed for account access, in which case the authorization merely indicates that the single-use password has been authenticated and the information user 410 can then allow the user of the mobile application 402 to access an account of information user 410. Similarly, the single-use password can be used with a conventional browser on a personal computer or mobile device in connection with a website, such as an electronic commerce merchant. In another example the single-use password can be employed when the consumer operating the mobile application 402 does not have a pre-existing account with information user 410. In this case the authentication response can include information about the consumer, such as name, account, mailing address, electronic mail address, telephone number(s), single-use account number, and/or the like. The information user can then employ the information about the consumer to populate its databases to establish an account for the consumer. In yet another example, which is related to the previous example, the single-use password can be employed when the consumer operating the mobile application 402 is applying for a credit facility (e.g., a credit card or loan). In this case the authorization response could include additional personal information, such as a social security number and previous mailing addresses. In any of the examples above the information user 410 can also request additional information beyond that provided with the authorization response.

Although the method illustrated in FIG. 4 was described as providing a single-use password, the method could also be employed for translating user names and/or passwords for registering with an information user 410. Thus, for example, a person's actual personal information, such as telephone number, mailing address and/or personal details used for password recovery or verification (e.g., mother's maiden name), can be stored by the authentication service 408 and the information user 410 would only retain the single-use username and password. If desired, information user 410 could store dummy information provided by the centralized computer instead of the user's actual personal information. This is particularly useful for protecting a person's personal information in the case of a data breach of the information user's systems. It also protects the person from being tracked and profiled for marketing purposes.

Although the method has been described as the mobile application providing the user information and single-use password to the information user, this need not be the case. Rather, the user can use a different application to provide this information or can provide the single-use password completely independently of the device on which the mobile application is being executed, e.g., by entering the single-use password into an automated teller machine (ATM) or by entering the single-use password into a web form using a browser. Thus, it should be recognized that the term password as used herein should be understood to encompass both alpha-numeric passwords as well as purely numerical passwords, such as ATM personal identification numbers (PINs).

In the method described above in connection with FIG. 4 the biometric verification service 404, password generation service 406, and authentication service 408 can be services performed by centralized computer 120. Alternatively, the biometric verification service 404 and authentication service 408 can be services performed by centralized computer 120 and the password generation service 406 can be performed by a distinct entity.

FIG. 5A is a ladder flow diagram of an exemplary method of using trusted biometric information to generate temporary accounts in accordance with the present invention. The temporary accounts are associated with actual accounts, and the temporary account number is translated into actual account number for payment processing. The temporary account numbers can take a variety of different forms, including an arbitrary account number that is not related to the associated actual account number, a combination of the actual account number and an arbitrary credit verification value that is not related to a credit verification value of the associated actual account number, an arbitrary credit verification value when the associated actual account number does not have an actual credit verification value, etc.

A consumer that desires to employ a temporary account number has a device that includes a mobile application 502. The mobile application 502 can be, for example, an application designed for a particular merchant or can be one that is designed solely to obtain the temporary account information. However, it should be recognized that this is merely exemplary and the device need not be a mobile device but can be a non-mobile device, in which case the application would not be a mobile application. Accordingly, the consumer opens the mobile application 502 and requests a temporary account number. The mobile application 502 requests the user to provide biometric information. After receiving the biometric information the mobile application 502 transmits the biometric information along with other user information, including a payment account number, to a biometric verification service 404 (step 550). The payment account number can be previously stored in the device and/or the application, or the user can be prompted to provide the payment account number each time this process is performed. Further, the payment account number can be centrally stored with the temporary account translation service 508. The biometric verification service 504 compares the received biometric information with trusted biometric information and if there is sufficient similarity a request for a single-use password and temporary account number is sent to security code generation service 506 along with the payment account information (step 552). The comparison of biometric information can be performed in the manner described above in connection with FIG. 2.

Security code generation service 506 then generates a single-use password and temporary account number and provides this information along with the payment account information to temporary account translation service 508 (step 554) and to the biometric verification service 504 (step 556). Temporary account translation service 508 can be, for example, a payment network such as Visa, MasterCard, American Express, Discover, etc. Temporary account translation service 508 stores the correspondence between the payment account information, which as will be described below, is used to receive the temporary account information from an information user 510, such as a merchant, and then provide the actual account information and transaction amount to an institution associated with the payment account information, such as bank 512. Although FIG. 5A illustrates security code generation service 506 providing the single-use password and temporary account information first to temporary account translation service 508 and then biometric verification service 504, these can be performed in the opposite order or simultaneously.

The biometric verification service 504 forwards the single-use password and temporary account information to the mobile application (step 558). The user of mobile application 502 can then employ the temporary account information to pay for a transaction with an information user 510, such as a merchant. Accordingly, mobile application 502 sends a transaction request that includes the single-use password and temporary account information to information user 510 (step 560). If mobile application 502 is designed solely to obtain the temporary account information then the transaction request that includes the single-use password and temporary account information can be manually entered by the user into the merchant's own form, such as a website form. Information user 510 then sends a request for payment authorization to temporary account translation service 508 that includes the single-use password and temporary account information (step 562). Temporary account translation service 508 verifies the single-use password and temporary account information and forwards a request for payment authorization that includes the actual account number and security code (e.g., CVV) that was translated from the temporary account number to bank 512 (step 564). The request for payment authorization can be transmitted either directly to the bank 512 or transmitted via a payment network. Bank 512 determines whether there are sufficient funds, and if so returns a payment authorization to the temporary account translation service 508 (step 566). This can be sent directly to the temporary account translation service 508 or via a payment network. The temporary account translation service 508 then informs the mobile application 502 and information user 510 that the payment was authorized (steps 568 and 570).
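The translation step of FIG. 5A, in which the information user only ever handles the temporary account number and single-use password, can be sketched as below; the same single-use check applies to the authentication service 408 of FIG. 4. This is an added example, not part of the patent text: the class and function names, the salted-hash storage, the failed-attempt limit and the account number are assumptions or constructed values.

```python
"""Added illustration of the FIG. 5A temporary account translation; not code from the patent."""
import hashlib
import hmac
import secrets

MAX_FAILED_ATTEMPTS = 3   # assumption: the text sets no retry limit


def _digest(salt, password):
    """Salted hash so the service never stores the single-use password itself."""
    return hashlib.sha256(salt + password.encode()).digest()


class TemporaryAccountTranslationService:
    """Hypothetical stand-in for service 508: maps temporary to actual accounts."""

    def __init__(self):
        self._records = {}   # temporary account number -> stored correspondence

    def has(self, temp_account):
        return temp_account in self._records

    def register(self, temp_account, password, actual_account):
        """Step 554: store the correspondence received from the generation service."""
        salt = secrets.token_bytes(16)
        self._records[temp_account] = {
            "salt": salt,
            "digest": _digest(salt, password),
            "actual": actual_account,
            "failures": 0,
        }

    def translate(self, temp_account, password):
        """Steps 562-564: verify the password, then release the actual account once."""
        record = self._records.get(temp_account)
        if record is None:
            return None                      # unknown, already used, or locked out
        supplied = _digest(record["salt"], password)
        if not hmac.compare_digest(record["digest"], supplied):
            record["failures"] += 1
            if record["failures"] >= MAX_FAILED_ATTEMPTS:
                del self._records[temp_account]   # stop further guessing
            return None
        del self._records[temp_account]      # single use: a replay finds nothing
        return record["actual"]


def issue_temporary_account(translation, actual_account):
    """Steps 552-558, to be run only after the biometric comparison succeeded."""
    while True:
        # Arbitrary 16-digit number, unrelated to the actual account number.
        temp_account = "".join(str(secrets.randbelow(10)) for _ in range(16))
        if temp_account != actual_account and not translation.has(temp_account):
            break
    password = secrets.token_urlsafe(9)
    translation.register(temp_account, password, actual_account)
    return temp_account, password


ACTUAL_ACCOUNT = "4000000000000002"   # constructed value, not a real account

if __name__ == "__main__":
    service = TemporaryAccountTranslationService()
    temp, otp = issue_temporary_account(service, ACTUAL_ACCOUNT)
    print("merchant sees:", temp, otp)
    print("first use    :", service.translate(temp, otp))
    print("replay       :", service.translate(temp, otp))
```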

Although FIG. 5 illustrates temporary account translation service 508 informing mobile application 502 that the payment has been authorized (step 568) before informing the information user 510 (step 570), these can be performed in the opposite order or simultaneously. Further, instead of the bank 512 informing temporary account translation service 508 that the payment has been authorized, the bank 512 can forward this to a payment network, which can then inform the information user 510 and/or mobile application 502. This use of the payment network can also be modified so that the payment network informs the information user 510 that the payment has been authorized and the information user 510 can then inform the mobile application 502.

In the method described above in connection with FIG. 5 the biometric verification service 504, the generation of the single-use password by the security code generation service 506, and/or the generation of the temporary account information by the security code generation service 506 can be services performed by centralized computer 120. Alternatively, the biometric verification service 504 and the generation of the single-use password by security code generation service 506 can be performed by centralized computer 120 and the generation of the temporary account information by the security code generation service 506 can be performed by a distinct entity, such as a payment network. This payment network can be the same or different from the payment network that supports the temporary account translation service 508.

Certain embodiments of the method described above in connection with FIG. 5A assumed that the temporary account translation service could be a payment network. The present invention is not limited to using a payment network as a temporary account translation service. Rather, the temporary account translation service can be operated by any entity, which acts as a buffer to protect a person's actual account details from an information user. This is particularly useful when the information user is not familiar to the person and thus the person does not want to disclose the actual account details to the information user. FIG. 5B is a ladder flow diagram of an exemplary method for using trusted biometric information to generate temporary accounts in accordance with the present invention in which the temporary account translation service is not a payment network, and instead of the manner of payment being a credit card transaction the manner of payment is an Automated Clearinghouse (ACH) transaction. This can be performed by directly accessing the ACH or an ACH processor can be employed. In this case the temporary account translation service would translate the temporary account information into a routing number for the bank from which the funds are being drawn and the account number for the person's checking, savings, or investment account.

Steps 550-560 in FIG. 5B are the same as the corresponding steps in FIG. 5A. Accordingly, when an information user 510 receives a request for a transaction that includes a password and temporary account information (step 560), the information user 510 sends a request for payment to the temporary account translation service 508 that includes the password and temporary account information (step 562A). Temporary account translation service 508 determines whether the password matches the stored password for the temporary account, and if there is a match the temporary account translation service 508 sends a request for payment, such as an ACH request, to bank 512 (step 565). This request for payment will include any information that is normally employed for authorizing an ACH payment request. If the ACH payment request is authorized, the bank 512 withdraws the funds from the person's checking, savings, or investment account and sends the payment to the temporary account translation service 508 (step 567). It should be recognized that although ACH transactions can be performed in real-time, in many cases they are not. Accordingly, the transmission of the payment to the temporary account translation service can be in real-time or may be delayed until the ACH transaction processing is completed. Temporary account translation service 508 then sends the payment to information user 510 (step 571), and information user 510 can then inform the person that the payment has been authorized (step 572).

Although the methods illustrated in FIGS. 5A and 5B are described as using the mobile application 502 for both obtaining the single-use password and temporary account number and delivering the single-use password and temporary account number to the information user 510, instead the mobile application 502 can be used for obtaining the single-use password and temporary account number and the user can then provide the single-use password and temporary account number to the information user 510 independent of the mobile application 502, such as by providing this information to an internet browser, a different application and/or providing this information directly to the information user 510 at its place of business or over the telephone.

Moreover, although FIGS. 5A and 5B are described with entity 512 as being a bank, this need not be the case. Rather, it could also be a payment network, such as Visa, MasterCard, American Express, Discover, etc.

FIG. 6 is a flow diagram of an exemplary method for using trusted biometric information for voting in accordance with the present invention. This method assumes that the person has been authenticated using one of the techniques described above and has a device that executes an application, such as the mobile application described above. Further, the authentication techniques described above will involve authenticating the voter ID. For ease of description this application will be referred to below as the “person's application.” After a person has been authenticated using one of the techniques described above (step 602) the centralized computer 120 provides the person's application with a ballot (step 604). Once the person has completed the ballot, the person uses the application to submit the completed ballot to the centralized computer (step 606) and the centralized computer sends a confirmation of receipt, which includes a summary of the votes cast by the person, to the person's application (step 608). If the summary of the votes cast is satisfactory the person's application requests that the person provide a biometric, which is captured by the application and provided to the centralized computer (step 610). If the summary of votes cast is not satisfactory then the person can correct and resubmit the ballot. The confirmation that the votes cast are satisfactory addresses the concern that the ballot can be hijacked between the person's application and the central voting server.

The centralized computer 120 compares the captured biometric information with trusted biometric information (step 612) and determines a similarity measure based on the comparison (step 614). When the similarity measure is greater than or equal to a similarity measure threshold (“Yes” path out of decision step 616), then the authentication is successful and the centralized computer 120 submits the completed ballot received from the person's application as a final ballot (step 618). When the similarity measure is less than the similarity measure threshold (“No” path out of decision step 616), then the authentication has failed. When the authentication fails, the person can be prompted to provide another biometric and the processing of steps 610-616 is repeated. Multiple authentication failures will require the person to manually vote at the local polling station.

The similarity measure threshold can be the same as those used for the initial authentication and/or identification of a trusted biometric. However, to provide an increased level of confidence that the ballot was submitted by an authorized person the similarity measure threshold used in step 616 can be higher than those used for the initial authentication and/or identification of a trusted biometric. Although the method illustrated in FIG. 6 is described as involving a communication directly between the centralized computer and the person's application, there may be another entity employed between these two. In this case the other entity would handle the provision, receipt, and submission of the ballot and the other entity would coordinate the authentication of the captured biometric information with the centralized computer 120.
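The FIG. 6 finalization loop (steps 604-618) can be sketched as a small server-side state machine; this is an added example, not code from the patent. The bit-level similarity measure, the threshold values, the three-failure limit, the rule that the step 616 threshold may not be weaker than the login threshold, and all class and function names are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class State(Enum):
    BALLOT_SENT = "ballot sent (step 604)"
    SUMMARY_SENT = "summary sent (step 608)"
    FINAL = "final ballot submitted (step 618)"
    MANUAL_VOTE_REQUIRED = "vote at the local polling station"


def bit_similarity(a: bytes, b: bytes) -> float:
    """Assumed measure: fraction of identical bits in two equal-length templates."""
    if len(a) != len(b) or not a:
        raise ValueError("templates must be non-empty and equal in length")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - differing / (8 * len(a))


@dataclass
class BallotSession:
    trusted_template: bytes
    login_threshold: float = 0.80    # assumed value used for the initial login
    ballot_threshold: float = 0.90   # assumed stricter value for step 616
    max_failures: int = 3            # assumed meaning of "multiple" failures
    state: State = State.BALLOT_SENT
    pending: Optional[Dict[str, str]] = None
    failures: int = 0

    def __post_init__(self) -> None:
        if self.ballot_threshold < self.login_threshold:
            raise ValueError("step 616 threshold must not be weaker than login")

    def submit(self, ballot: Dict[str, str]) -> Dict[str, str]:
        """Steps 606-608: hold the ballot and return the summary to confirm."""
        if self.state in (State.FINAL, State.MANUAL_VOTE_REQUIRED):
            raise RuntimeError("session is closed")
        self.pending = dict(ballot)      # a resubmission replaces the old one
        self.state = State.SUMMARY_SENT
        return dict(self.pending)

    def confirm(self, sample: bytes) -> State:
        """Steps 610-618: finalize only on a fresh, matching biometric."""
        if self.state is not State.SUMMARY_SENT:
            raise RuntimeError("no ballot summary is awaiting confirmation")
        if bit_similarity(sample, self.trusted_template) >= self.ballot_threshold:
            self.state = State.FINAL
        else:
            self.failures += 1
            if self.failures >= self.max_failures:
                self.state = State.MANUAL_VOTE_REQUIRED
        return self.state


# Constructed 64-bit templates for illustration only.
TRUSTED = bytes.fromhex("a5a5a5a5a5a5a5a5")
CLOSE = bytes.fromhex("aaa5a5a5a5a5a5a5")       # 4 bits differ -> 0.9375
BORDERLINE = bytes.fromhex("5aa5a5a5a5a5a5a5")  # 8 bits differ -> 0.875


def demo() -> State:
    session = BallotSession(TRUSTED)
    session.submit({"measure_1": "yes"})
    session.confirm(BORDERLINE)          # passes 0.80 but not 0.90: retry
    session.submit({"measure_1": "no"})  # person corrects the ballot
    return session.confirm(CLOSE)
```

The borderline sample would clear the assumed login threshold yet is rejected at step 616, which is the effect of the higher threshold described above.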

The authentication methods discussed above rely upon the existence of a trusted biometric as part of the authentication. However, exemplary embodiments of the present invention do not necessarily require the existence of a trusted biometric for authentication, which is illustrated in FIGS. 7A and 7B. This method can be used, for example, when a person decides to apply for an account, such as a bank, credit card, and/or investment account. When there is no available historical biometric information for a person (step 702), the person can provide personal information that includes a biometric and payment credentials (step 704). The payment credentials can be for one or more credit, debit, bank, and/or investment accounts. If a higher level of trust is desired then payment credentials for two or more credit, debit, bank, and/or investment accounts can be required. The centralized computer 120 uses the payment credentials to attempt to authorize a transaction for a nominal amount with a payment network, bank, and/or investment institution (step 706). If the payment authorization is not successful (“No” path out of decision step 708), then the biometric provided by the person is flagged as untrusted and can be added to a biometric blacklist (step 710).

If the payment authorization was successful (“Yes” path out of decision step 708), then the centralized computer 120 compares the biometric provided by the person to biometrics of known fraudsters (step 712). The biometrics of known fraudsters can be obtained, for example, from a biometric blacklist. If the centralized computer 120 determines that there is a match to one of the biometrics of known fraudsters (“Yes” path out of decision step 714), then the biometric is flagged as untrusted (step 716). If the centralized computer 120 determines there is not a match with one of the biometrics of known fraudsters (“No” path out of decision step 714), then, as illustrated in FIG. 7B, non-biometric personal information is obtained for the person (step 718). This non-biometric personal information can be obtained during a bulk upload from one or more of the information sources 100 independent of this process or can be requested by the centralized computer 120 from one or more information sources 100 specifically for this process.

The centralized computer 120 then solicits from the person to be authenticated answers to questions related to the obtained non-biometric personal information (step 720). If the contact with the person to be authenticated is maintained from when the person provided the personal information in step 704, then the solicitation of answers to questions is performed as part of the existing contact. The manner of contacting the person should involve the ability to obtain biometric information from the person. For example, the contact can be by telephone, voice or video chat, and voice biometric information can be collected. The solicitation and collection of answers to the questions can be performed via a person's mobile application or a browser-based application, or can be performed independently of an application. Further, the solicitation and collection can be fully automated.

The centralized computer 120 compares the answers provided by the person with the stored non-biometric personal information (step 722) to determine whether all answers are correct (step 724). When the centralized computer 120 determines that not all of the answers are correct (“No” path out of decision step 724), then the biometric information provided in step 704 cannot be trusted at this time (step 726). Various actions can be taken following this determination, such as adding the biometric to a blacklist, storing the biometric as a historical biometric for future processing (e.g., to identify trusted biometrics), and/or notifying the information source that provided the information for which the incorrect answer was provided. When the centralized computer 120 determines that all of the answers are correct (“Yes” path out of decision step 724), then the person is authenticated and the biometric information provided in step 704 can be identified as trusted (step 728).
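The decision flow of FIGS. 7A and 7B (steps 704-728) can be written as one function with a distinct outcome per exit; this is an added example, not code from the patent. Cosine similarity over feature vectors, the 0.90 match threshold, the injected `authorize` callable standing in for the payment network, and all names are assumptions.

```python
import hmac
import math
import unicodedata
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Sequence

Vector = Sequence[float]  # assumed template format: a fixed-length feature vector


class Outcome(Enum):
    UNTRUSTED_PAYMENT = 710    # payment authorization failed
    UNTRUSTED_FRAUDSTER = 716  # biometric matched the blacklist
    NOT_TRUSTED_YET = 726      # at least one answer was wrong or missing
    TRUSTED = 728              # every check passed


def cosine_similarity(a: Vector, b: Vector) -> float:
    """Assumed similarity measure; the page does not prescribe one."""
    if len(a) != len(b):
        raise ValueError("templates must have the same length")
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def answers_match(given: str, stored: str) -> bool:
    """Compare normalized answers in constant time."""
    def canon(text: str) -> bytes:
        folded = unicodedata.normalize("NFKC", text).casefold()
        return " ".join(folded.split()).encode("utf-8")
    return hmac.compare_digest(canon(given), canon(stored))


@dataclass
class Enrollment:  # what the person provides in steps 704 and 720
    biometric: Vector
    payment_credentials: List[str]
    answers: Dict[str, str]


@dataclass
class Repository:  # stand-in for the stores of centralized computer 120
    blacklist: List[Vector] = field(default_factory=list)
    historical: List[Vector] = field(default_factory=list)
    trusted: List[Vector] = field(default_factory=list)


def enroll(req: Enrollment, repo: Repository,
           authorize: Callable[[str], bool], stored_info: Dict[str, str],
           *, match_threshold: float = 0.90, required_accounts: int = 1) -> Outcome:
    if required_accounts < 1 or len(req.payment_credentials) < required_accounts:
        raise ValueError("not enough payment credentials for the requested trust level")
    # Steps 706-710: each credential must authorize a nominal transaction.
    if not all([authorize(c) for c in req.payment_credentials]):
        repo.blacklist.append(req.biometric)  # step 710 allows blacklisting
        return Outcome.UNTRUSTED_PAYMENT
    # Steps 712-716: compare against biometrics of known fraudsters.
    if any(cosine_similarity(req.biometric, bad) >= match_threshold for bad in repo.blacklist):
        return Outcome.UNTRUSTED_FRAUDSTER
    # Steps 718-726: all answers are checked in full, with no early exit.
    results = [answers_match(req.answers.get(q, ""), a) for q, a in stored_info.items()]
    if not results or not all(results):
        repo.historical.append(req.biometric)  # one of the step 726 options
        return Outcome.NOT_TRUSTED_YET
    repo.trusted.append(req.biometric)  # step 728
    return Outcome.TRUSTED


def demo() -> List[Outcome]:
    """Constructed inputs, one per branch of the flow."""
    repo = Repository(blacklist=[[0.0, 1.0, 0.0]])
    stored = {"street": "Elm Street", "year_opened": "2014"}
    authorize = lambda token: token.startswith("ok-")  # hypothetical payment stub
    right = {"street": " elm  street", "year_opened": "2014"}
    cases = [
        Enrollment([0.0, 0.0, 1.0], ["declined-1"], right),
        Enrollment([0.05, 1.0, 0.0], ["ok-1"], right),
        Enrollment([1.0, 0.0, 0.2], ["ok-2"], {"street": "Oak Street"}),
        Enrollment([1.0, 0.1, 0.0], ["ok-3", "ok-4"], right),
    ]
    return [enroll(c, repo, authorize, stored) for c in cases]
```

Passing `required_accounts=2` models the higher trust level that demands two or more payment credentials.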

It should be recognized that authentication can be performed without performing all of the steps described above in connection with FIGS. 7A and 7B. For example, the authorization can be performed based solely on the payment authorization of step 708 or based on the payment authorization of step 708 and the lack of a biometric match with known fraudsters of step 714.

It should be appreciated that the centralized computer 120 configured as a single, universal repository of trusted biometric and associated non-biometric information is particularly useful for information users that do not have a pre-existing relationship with the person to be authenticated. For example, when a person first opens a bank account the bank typically can request that the person provide personal information and compares it to credit bureau reports. However, the information available in credit bureau reports can easily be obtained by fraudsters and thus a bank may consider the person to be authentic because the personal information provided matches the credit bureau reports. However, by further verifying the person's identity using a trusted biometric the bank can have a high level of confidence that the person is actually authentic.

In any of the methods described above when a fraudster is identified and/or a biometric is added to a blacklist, this information can be forwarded to the information source that provided the biometric and/or other information sources and information users can be informed.

The use of the term bank in the description above should be interpreted broadly to cover any type of institution that holds funds for customers, including, but not limited to, credit unions, investment banks or institutions, savings and loan institutions, and/or any entity where a trust relationship is required.

For ease of understanding, some of the methods have been described above in isolation. However, it should be recognized that these methods can be combined. For example, the dynamic search groups described in connection with FIG. 2B can be employed when there is a failure in the authentication of the methods in FIGS. 7A and 7B that attempt to authenticate using a payment authorization.

The foregoing disclosure has been set forth merely to illustrate the invention and is not intended to be limiting. Since modifications of the disclosed embodiments incorporating the spirit and substance of the invention may occur to persons skilled in the art, the invention should be construed to include everything within the scope of the appended claims and equivalents thereof.

What is claimed is:
 1. A method, comprising: receiving, by a centralized computer, personal information for a first person from a plurality of independent sources, wherein the personal information for the first person includes first historical biometric information from a first one of the plurality of independent sources and second historical biometric information from a second one of the plurality of independent sources; comparing, by the centralized computer, the first and second historical biometric information; determining, by the centralized computer, a first similarity measure based on the comparison of the first and second historical biometric information; identifying, by the centralized computer, the first and second historical biometric information as trusted first and second biometric information when the first similarity measure is greater than or equal to a first similarity measure threshold; receiving, by the centralized computer, a request to authenticate a person, wherein the request to authenticate includes third biometric information; comparing, by the centralized computer, the third biometric information with the first trusted biometric information, the trusted second biometric information, or a composite of at least the first and second trusted biometric information; determining, by the centralized computer, a second similarity measure based on the comparison of the third biometric information with the first trusted biometric information, the second trusted biometric information, or the composite of at least the first and second trusted biometric information; and authenticating, by the centralized computer, the person as the first person when the second similarity measure is greater than or equal to a second similarity measure threshold.
 2. The method of claim 1, wherein the first, second, and third biometric information is voice biometric information.
 3. The method of claim 1, further comprising: receiving, by the centralized computer, additional, non-biometric personal information for the first person from one of the plurality of independent sources; and comparing, by the centralized computer, the additional, non-biometric personal information for the first person with other non-biometric personal information for the first person, wherein the other non-biometric personal information is obtained from a source other than the plurality of independent sources, wherein the first person is identified as trusted when the first similarity measure is greater than or equal to the first similarity measure threshold; and the additional, non-biometric personal information matches the other non-biometric personal information.
 4. The method of claim 3, wherein when the additional, non-biometric personal information does not match the other non-biometric personal information, the method further comprises: informing an information source that provided the third biometric information or an information user that the third biometric information is not associated with the first person.
 5. The method of claim 1, further comprising: receiving, by the centralized computer, an indication whether the first person is in good standing with at least one of the plurality of independent sources for a predetermined period of time, wherein the first and second biometric information is identified as trusted first and second biometric information when the first similarity measure is greater than or equal to the first similarity measure threshold; and the first person is in good standing with at least one of the first or second one of the plurality of independent sources for the predetermined period of time.
 6. The method of claim 1, wherein the personal information for the first person is received from the first one and second one of the plurality of independent sources in bulk with personal information for a plurality of other persons.
 7. The method of claim 6, wherein the personal information for the first person and the plurality of other persons includes historical voice biometric information obtained independent of a process of identifying the person and the plurality of other persons as trusted.
 8. The method of claim 1, wherein the first and second similarity measure thresholds are the same.
 9. The method of claim 1, wherein the third biometric information is near-real-time biometric information.
 10. The method of claim 1, wherein the person is authenticated as the first person based exclusively on whether the second similarity measure is greater than or equal to the second similarity measure threshold.
 11. The method of claim 1, wherein the authentication of the first person further comprises: comparing, by the centralized computer, the third biometric information with biometric information in a blacklist of known fraudsters.
 12. The method of claim 1, wherein when the second similarity measure is less than the second similarity measure threshold, the method further comprises: selecting, by the centralized computer, a dynamic search group of individuals that may have unauthorized access to personal information of the first person; comparing, by the centralized computer, available biometric information for each of the individuals in the dynamic search group with the third biometric information; determining, by the centralized computer, a third similarity measure based on the comparison of the available biometric information for each of the individuals in the dynamic search group with the third biometric information; and adding any of the individuals to a blacklist when the third similarity measure for a particular one of the individuals is greater than or equal to a predetermined third similarity measure.
 13. The method of claim 1, wherein the first person has a device executing an application, and after authenticating the person as the first person the method further comprises: receiving, by the application from the centralized computer, a single-use password; and providing, by the application, the single-use password to the person, providing, by the person to a third party, a user name and the single-use password; transmitting, by the third party, the user name and a password to the centralized computer; and receiving, by the third party, an authorization of the person when the password transmitted to the centralized computer matches the single-use password.
 14. The method of claim 1, wherein when the second similarity measure is less than the second similarity measure threshold, the method comprises: comparing, by the centralized computer, the second similarity measure to a third similarity measure threshold, wherein the third similarity measure threshold is lower than the second similarity measure threshold; and adding the third biometric information to a blacklist when the second similarity measure is less than the third similarity measure threshold.
 15. The method of claim 1, wherein when the second similarity measure is less than the second similarity measure threshold and the person to be authenticated as the first person provides an information user with the third biometric via an inbound call to the information user, the method comprises: initiating, by the centralized computer, a contact using contact information associated with the first person; capturing, by the centralized computer, a fourth biometric information from a person answering the contact; comparing, by the centralized computer, the third biometric information with a fourth biometric information that is received during the solicitation of answers to questions; determining, by the centralized computer, a third similarity measure based on the comparison of the third biometric information with the fourth biometric information; authenticating, by the centralized computer, the person answering the contact as the first person when the third similarity measure is greater than or equal to a third similarity measure threshold; querying, by the centralized computer, the person answering the contact as to whether they initiated the call to the information user; and allowing an interaction between the person authenticated as the first person and the information user when the person answering the contact indicates that they initiated the call to the information user.
 16. The method of claim 15, wherein the querying further comprises soliciting answers to questions that are generated using the personal information and the interaction is allowed between the person authenticated as the first person and the information user when the person answering the contact indicates that they initiated a call to the information user and all of the questions are answered correctly.
 17. The method of claim 16, wherein when the third biometric information is added to a blacklist when the person authenticated as the first person indicates that they did not initiate the call to the information user or the fourth biometric information is added to the blacklist when the person answering the contact does not answer all of the questions correctly.
 18. The method of claim 15, wherein the third biometric information is added to a blacklist when the person authenticated as the first person indicates that they did not initiate the call to the information user; or the fourth biometric information is added to the blacklist when the third similarity measure is less than the third similarity measure threshold.
 19. The method of claim 15, wherein when the person answering the contact indicates that they initiated the call to the information user the method further comprises: comparing, by the centralized computer, the third biometric information and the fourth biometric information; and adding the third biometric information to a blacklist when the third biometric information does not match the fourth biometric information.
 20. The method of claim 1, wherein the first person has a device executing an application, the method further comprising: transmitting, by the centralized computer to the application, a voting ballot; receiving, by the centralized computer from the application, a completed voting ballot and fourth biometric information; determining, by the centralized computer, a third similarity measure based on the comparison of the third biometric information with the fourth biometric information; authenticating, by the centralized computer, the completed voting ballot as being received from the first person when the third similarity measure is greater than or equal to a third similarity measure threshold; and submitting, by the centralized computer, the completed voting ballot as a final ballot for the first person when the completed ballot is authenticated.
 21. The method of claim 1, wherein when the second similarity measure is less than the second similarity measure threshold, the method further comprises: informing an information source that provided the third biometric information or an information user that the third biometric information is not associated with the first person.
 22. A method, comprising: receiving, by a centralized computer, personal information for a first person from a plurality of independent sources, wherein the personal information for the first person includes first historical biometric information from a first one of the plurality of independent sources; receiving, by the centralized computer, a request to authenticate a person, wherein the request to authenticate includes second biometric information; comparing, by the centralized computer, the second biometric information with the first historical biometric information; determining, by the centralized computer, a similarity measure based on the comparison of the second biometric information with the first historical biometric information; authenticating, by the centralized computer, the person as the first person when the similarity measure is greater than or equal to a similarity measure threshold; and identifying, by the centralized computer, the first historical biometric information and the second biometric information as first and second trusted biometric information when the similarity measure is greater than or equal to the similarity measure threshold.
 23. The method of claim 22, further comprising: receiving, by the centralized computer, additional, non-biometric personal information for the first person from one of the plurality of independent sources; and comparing, by the centralized computer, the additional, non-biometric personal information for the first person with other non-biometric personal information for the first person, wherein the first person is authenticated when the similarity measure is greater than or equal to a similarity measure threshold; and the additional, non-biometric personal information matches the other non-biometric personal information.
 24. The method of claim 22, further comprising: receiving, by the centralized computer, an indication whether the first person is in good standing with at least one of the plurality of independent sources for a predetermined period of time, wherein the first person is authenticated when the similarity measure is greater than or equal to the similarity measure threshold; and the first person is in good standing with at least one of the plurality of independent sources for the predetermined period of time.
 25. A method, comprising: receiving, by a centralized computer, personal information for a first person from a plurality of independent sources, wherein the personal information for the first person includes first historical biometric information from a first one of the plurality of independent sources and second historical biometric information from a second one of the plurality of independent sources; comparing, by the centralized computer, the first and second historical biometric information; determining, by the centralized computer, a first similarity measure based on the comparison of the first and second historical biometric information; identifying, by the centralized computer, the first and second historical biometric information as first and second trusted biometric information when the first similarity measure is greater than or equal to a first similarity measure threshold; identifying, by the centralized computer, a high-risk transaction; initiating, by the centralized computer, a contact using contact information associated with the first person; capturing, by the centralized computer, a third biometric information from a person answering the contact; comparing, by the centralized computer, the third biometric information with the first trusted biometric information, the second trusted biometric information, or a composite of at least the first and second trusted biometric information; determining, by the centralized computer, a third similarity measure based on the comparison of the third biometric information with the first trusted biometric information, the second trusted biometric information, or the composite of at least the first and second trusted biometric information; allowing the high-risk transaction to proceed between the person answer the contact and an information user and authenticating the person answering the contact as the first person when the third similarity measure is greater than or equal to a third similarity measure threshold.
 26. The method of claim 25, further comprising: querying, by the centralized computer of the person answering the contact, whether they initiated the high-risk transaction, wherein the high-risk transaction is allowed between the person authenticated as the first person and the information user when the person answering the contact indicates that they initiated the high-risk transaction.
 27. The method of claim 25, further comprising: querying, by the centralized computer of the person answering the contact, whether they initiated the high-risk transaction; querying, by the centralized computer of the person answering the contact, answers to questions that are generated using the personal information, wherein the high-risk transaction is allowed between the person authenticated as the first person and the information user when the person authenticated as the first person indicates that they initiated the high-risk transaction and all of the questions are answered correctly.
 28. The method of claim 27, wherein the third biometric information is added to a blacklist when the first or second biometric information is not available and not all of the questions are answered correctly.
 29. The method of claim 25, wherein the third biometric information is added to a blacklist when the person is not authenticated as the first person.
 30. The method of claim 25, wherein the centralized computer identifies the high-risk transaction by being informed of the high-risk transaction by a request from the information user that received the high-risk transaction from the first person.